CN1400771A - Biostatistically verified VLAN - Google Patents
- Publication number
- CN1400771A
- Authority
- CN
- China
- Prior art keywords
- user
- biostatistics
- identification information
- customer identification
- node
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0861—Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/32—User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4641—Virtual LANs, VLANs, e.g. virtual private networks [VPN]
- H04L12/4675—Dynamic sharing of VLAN information amongst network nodes
- H04L12/4679—Arrangements for the registration or de-registration of VLAN attribute values, e.g. VLAN identifiers, port VLAN membership
Abstract
A user authentication system and method for a data communication network that helps ensure that a user accessing the network resources is indeed the person having a claimed identity. The user's identity is verified by a biometric system by examining the user's physiological or behavioral characteristic. User identification information needed for accessing the network resources is stored in the biometric system and not released until the user's identity is verified. Upon verification of the user's identity, the user identification data is provided to a switching node for determining the VLANs that the user may access.
Description
Cross-reference to related applications
This application claims the benefit of provisional application No. 60/274,113, filed on March 8, 2001, the content of which is incorporated herein by reference. This application also contains subject matter related to the subject matter disclosed in U.S. Patent No. 6,070,243 and in U.S. application No. 09/838,076, filed on April 18, 2001 (attorney docket 41625/JEC/XZ), the contents of both of which are incorporated herein by reference in their entirety.
Field of the invention
The present invention relates generally to user authentication schemes for communication networks, and more specifically to authenticating users to VLANs based on physical characteristics associated with the user.
Background
A virtual local area network (VLAN) is a logical subnetwork within a bridged LAN that differentiates service based on policy rather than physical location. Traditionally, VLAN membership has been assigned to end systems without regard to the identity of the users of those systems. For example, VLAN membership is assigned by comparing network traffic with a configured set of rules that classify the traffic and, by inference, the system that originated it, into one or more VLANs.
In more recent technology, the identity of the user sending the traffic is considered in the assignment process. Under this more recent technology, the user of an end system is given access to a personalized set of VLANs after he or she is authenticated. Typically, the user of an end station starts an authentication session with the switching node to which the end station is physically connected by transmitting a user name and password. The end station may be a personal computer, a workstation, or the like. The switching node may be a switch, a router, or the like.
The node searches for the user's name and password in one or more authentication servers until a match is found, and the user is then allowed to access one or more authorized VLANs. If no match is found, or if the user is not authorized at the time of the login attempt, the user is informed that authentication failed and is denied access except to make further authentication attempts.
One problem with the described authentication scheme is that it merely verifies a claimed identity and makes no attempt to identify the user based on the user's own characteristics. Therefore, anyone who has access to a valid user name and password can gain access to one or more VLANs, even if that person is not who he or she claims to be. Although precautions can be taken to keep a person's password secret, the user may reveal it inadvertently or choose a password that others can easily guess.
Therefore, what is needed is a user authentication scheme for VLANs that identifies a user according to characteristics that are truly tied to the individual. Such a user authentication scheme should work with existing switching nodes without requiring those nodes to be modified or rebuilt.
Summary of the invention
According to one embodiment, the present invention is directed to a user authentication system for a communication network that includes a first node and a second node coupled to the first node. The second node receives a biometric sample from an individual, verifies the individual's identity based on the biometric sample, and releases user identification information associated with the individual once the individual's identity has been verified. The user identification information is transmitted to the first node, which uses it to carry out an authentication protocol exchange with a third node.
According to another embodiment, the present invention is directed to a user authentication system for a communication network, the communication network comprising: a host accessible to an individual for accessing one or more VLANs; a biometric system that receives a biometric sample from the individual; and a switching node. The biometric system verifies the individual's identity based on the biometric sample and releases user identification information if the individual's identity is verified. The switching node receives the user identification information released by the biometric system and, according to that information, allows the host to access one or more VLANs.
In another embodiment, the present invention is directed to a user authentication system for a communication network, comprising: an input for receiving a biometric sample from an individual; a first engine coupled to the input for verifying the individual's identity based on the biometric sample; and a second engine coupled to the first engine for releasing user identification information if the individual's identity is verified by the first engine. The user identification information is used to determine the one or more VLANs to which the individual is authenticated.
In another embodiment, the present invention is directed to a user authentication method for a communication system. The method includes the steps of: receiving a biometric sample from an individual who has access to a first node; comparing the biometric sample with stored biometric data; releasing user identification information in response to a match between the biometric sample and the stored biometric data; comparing the released user identification information with stored user data; retrieving a list of authorized virtual local area networks (VLANs) in response to a match between the user identification information and the stored user data; and allowing the first node to access the authorized VLANs.
In another embodiment, the present invention is directed to a user authentication method for a communication system. The method includes the steps of: receiving a biometric sample from an individual who has access to a first node; verifying the individual's identity based on the biometric sample; and, if the individual's identity is verified, allowing the first node to access one or more VLANs selected for the individual.
It should therefore be appreciated that the present invention helps ensure that users accessing network resources are indeed the people with the claimed identities. Because the user identification information is stored in a node that releases it only after the user's identity has been verified, unauthorized use of that information is prevented.
Brief description of the drawings
These and other features, aspects and advantages of the present invention will be more fully understood when considered with respect to the following detailed description, the appended claims and the accompanying drawings, in which:
Fig. 1 is a schematic block diagram of a biometrically authenticated data communication network according to an embodiment of the invention;
Fig. 2 is a block diagram of the biometric system in the biometrically authenticated data communication network of Fig. 1;
Fig. 3 is a schematic block diagram of the host in the biometrically authenticated data communication network of Fig. 1;
Fig. 4 is a block diagram of the switching node in the biometrically authenticated data communication network of Fig. 1;
Fig. 5 is a schematic block diagram of the network server in the biometrically authenticated data communication network of Fig. 1;
Fig. 6 is a functional diagram of an authentication agent according to an embodiment of the invention;
Fig. 7 is a functional diagram of an authentication server according to an embodiment of the invention;
Fig. 8 is a functional diagram of a biometric client according to an embodiment of the invention;
Fig. 9 is a functional diagram of an authentication client according to an embodiment of the invention; and
Fig. 10 is a process flow diagram of the biometrically authenticated VLAN according to the present invention.
Detailed description
Fig. 1 is a schematic block diagram of a biometrically authenticated data communication network according to an embodiment of the invention. The network includes a biometric system 10 coupled to a host 12 by a communication link such as a universal serial bus (USB). A switching node 14 is coupled to the host 12 and to a network server 22. The switching node 14 communicates with the host 12 and the network server 22 over the public Internet, a private intranet, and/or other similar connections known in the art.
In general, a user wishing to access a particular network resource (such as a particular VLAN) provides his or her biometric sample to the biometric system 10. According to one embodiment of the invention, the biometric system 10 transmits the received biometric sample to the host 12 for verification of the user's identity. In another embodiment of the invention, the verification process is carried out by the biometric device itself. In yet another embodiment of the invention, the verification process takes place in a separate server (not shown) connected to a default VLAN.
If the user's identity is verified, the biometric system 10 releases the user identification information needed to access the network, such as a user name, password, PIN, token, or the like. The user identification information is preferably transmitted to the host 12, which then uses it to carry out an authentication protocol exchange with the switching node 14 in order to authenticate the user to one or more VLANs 16, 18, 20.
Fig. 2 is a block diagram of the biometric system 10 according to the present invention. It should of course be understood that Fig. 2 depicts the biometric system 10 without the additional elements and/or components that building such a system may require, so as not to obscure the inventive aspects of the present invention. These additional elements and/or components, not shown in Fig. 2, are well known to those skilled in the art.
The matching engine 34 and the identification information generator 38 are software, hardware and/or firmware, such as application-specific integrated circuit (ASIC) modules, used respectively to verify the user's identity and to release user identification information if the user is verified. The matching engine 34 receives the biometric sample provided by the input 30 and searches the biometric database 36 for a match to the input biometric sample.
The biometric database 36 preferably includes a biometric template for each user registered with the biometric system 10. Preferably, the biometric template is a mathematical representation of the user's biometric data. In another embodiment, the biometric database 36 may be replaced by a portable token, such as a smart card, which allows users to keep possession of their biometric data at all times.
The matching engine 34 compares an input biometric sample with the biometric templates in the biometric database 36 and produces a result 42 for the identification information generator indicating whether the user's identity is verified. All or part of this result is preferably also shown on the output 46, which takes the form of a monitor, LCD display, or other display device. In one embodiment of the invention, all or part of the result is transmitted to the host 12 for display there.
If the user's identity is verified, the identification information generator retrieves the user identification information from the identification information database 40. The identification information database 40 preferably provides centralized storage of the user identification information of the system's registered users. The identification information database 40 preferably associates user identification information, such as a user name, password, PIN, token and/or the like, with each biometric template in the biometric database 36. Once a biometric template matches the input biometric sample, the corresponding user identification information is retrieved. The retrieved user identification information is transmitted to the host 12 as output data 44.
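The release gate described above, modelled as an added example (this is not code from the patent). The bit-string templates, the Hamming-similarity metric, the 0.90 threshold and the enrolled credentials are all constructed assumptions; the patent says only that a template is a mathematical representation of the biometric data.

```python
from dataclasses import dataclass
from typing import Optional

MATCH_THRESHOLD = 0.90  # hypothetical acceptance threshold, not from the patent


@dataclass(frozen=True)
class Credentials:
    username: str
    password: str


@dataclass(frozen=True)
class MatchResult:
    """Result 42: handed to the identification information generator."""
    verified: bool
    score: float                 # fraction of matching bits, suitable for display
    template_id: Optional[str]   # set only when the identity is verified


def similarity(sample: bytes, template: bytes) -> float:
    """Fraction of equal bits (assumed metric); 0.0 if the lengths differ."""
    if len(sample) != len(template) or not template:
        return 0.0
    differing = sum(bin(a ^ b).count("1") for a, b in zip(sample, template))
    return 1.0 - differing / (8 * len(template))


class BiometricSystem:
    def __init__(self):
        self._templates = {}    # biometric database 36: id -> template
        self._identities = {}   # identification information database 40

    def enroll(self, template_id, template, credentials):
        self._templates[template_id] = template
        self._identities[template_id] = credentials

    def match(self, sample) -> MatchResult:
        """Matching engine 34: best-scoring template, accepted above threshold."""
        best_id, best_score = None, 0.0
        for template_id, template in self._templates.items():
            score = similarity(sample, template)
            if score > best_score:
                best_id, best_score = template_id, score
        if best_score >= MATCH_THRESHOLD:
            return MatchResult(True, best_score, best_id)
        return MatchResult(False, best_score, None)

    def authenticate(self, sample):
        """Generator 38: credentials leave the store only after a match."""
        result = self.match(sample)
        released = self._identities[result.template_id] if result.verified else None
        return result, released


# Constructed sample data: 128-bit templates and made-up credentials.
ALICE_TEMPLATE = bytes.fromhex("3c5aa5c3" * 4)
BOB_TEMPLATE = bytes.fromhex("0f1e2d3c" * 4)


def flip_low_bits(template: bytes, count: int) -> bytes:
    """Simulate sensor noise by flipping the low bit of the first `count` bytes."""
    return bytes(b ^ 0x01 if i < count else b for i, b in enumerate(template))


def demo_system() -> BiometricSystem:
    system = BiometricSystem()
    system.enroll("alice", ALICE_TEMPLATE, Credentials("alice", "constructed-pw-1"))
    system.enroll("bob", BOB_TEMPLATE, Credentials("bob", "constructed-pw-2"))
    return system


if __name__ == "__main__":
    system = demo_system()
    print(system.authenticate(flip_low_bits(ALICE_TEMPLATE, 4)))
    print(system.authenticate(bytes(b ^ 0x0F for b in ALICE_TEMPLATE)))
```

A failed match still returns a score for display, but no template identifier and no credentials, so the host never sees user identification information for an unverified person.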
Those skilled in the art will recognize that although the input 30, matching engine 34, biometric database 36, identification information generator 38, identification information database 40 and output 46 are shown as residing in a single biometric system 10, any one or any combination of these components may operate in one or more other devices in the communication network. For example, the matching engine 34 and/or the identification information generator 38 may reside in the host 12 or in a separate back-end server coupled to the default VLAN.
Fig. 3 is a schematic block diagram of the host 12 according to an embodiment of the invention. The host 12 preferably includes a user interface 50, a biometric client 54 and an authentication client 52. The user interface 50 preferably includes inputs and outputs such as a keyboard, keypad, display screen, mouse, joystick, trackball, and the like.
The biometric client 54 is preferably a software application for communicating with the biometric system 10. Preferably, the biometric client 54 is invoked automatically after the host 12 is started by the user. The biometric client detects the biometric system 10 and causes the system to verify the user's identity. Alternatively, the biometric client is invoked only upon a direct action by the user.
The authentication client 52 is preferably a software application used to carry out the authentication process with the switching node 14 if the user's identity is verified. It may take the form of a software application installed on the host 12, but may also take the form of a standard software application such as Telnet, XCAP (Xylan Client Authentication Protocol), or a web-based application. The authentication client 52 is preferably configured with an address of the switching node 14. This address may be an IP address or a reserved media access control (MAC) address.
Fig. 4 is a schematic block diagram of the switching node 14 according to an embodiment of the invention. The switching node 14 preferably includes a management processor module 60, a trunk module 62 and an authentication module 64 interconnected by a switching link 66. The trunk module 62 and the authentication module 64 are preferably implemented using firmware such as ASICs. The management processor module 60 is preferably implemented as a software module running on a processor of the switching node 14.
The management processor module 60 preferably includes an authentication agent 60a for receiving user identification information from the host 12 and authenticating the user to a particular VLAN. The trunk module 62 preferably receives and transmits packets over a backbone network. The authentication module 64 preferably includes a LAN interface interconnecting the host 12 and the switching link 66. The authentication module 64 preferably also includes logic for interpreting, modifying, filtering and forwarding packets. The authentication module 64 may also be operable to perform the necessary LAN media translation so that the switching node 14 can support hosts operating over different LAN media.
Fig. 5 is a schematic block diagram of the network server 22 according to an embodiment of the invention. The network server 22 preferably includes a user interface 70, an authentication server 72 and user records 74 implemented in software. The user interface 70 preferably includes inputs and outputs such as a keyboard, keypad, display screen, mouse, joystick, trackball, and the like.
The user records 74 preferably include user-specific entries, each of which includes user identification information and a list of authorized network resources. A user-specific entry may also include time restrictions and/or other restrictions for the particular user.
Although the authentication server 72 and the user records 74 are shown on the network server 22, the authentication server 72 and/or the user records 74 may operate on another device in the network that is accessible to the network server. In addition, although the network server 22 is illustrated as including a single authentication server 72, a network operating according to the present invention may include one or more authentication servers.
Fig. 6 is a functional diagram of an authentication agent 100 deployed on the switching node 14 according to one embodiment of the invention. The authentication agent 100 is preferably a software module similar to the authentication agent 60a implemented by the management processor module 60. The authentication agent 100 is preferably also configured with an address of the switching node 14 and an address of the authentication server 72. The configured addresses are preferably IP addresses. The authentication agent may also be configured with an authentication key of the server.
The authentication agent 100 preferably includes a connection establishment module 110 for establishing a reliable connection with the authentication server 72. To this end, the connection establishment module 110 uses the known address of the server to request a connection with the authentication server 72 and acknowledges the server's response to such a request. The connection establishment module 110 also transmits to, and receives from, the authentication server 72 information sufficient to allow the authentication agent 100 and the server 72 to authenticate each other. Preferably, mutual authentication is accomplished through the exchange of authentication keys configured on the authentication agent 100 and the server 72.
The connection establishment module 110 may encrypt the information it transmits, and decrypt the encrypted information it receives, during the reliable connection establishment process. A TCP/IP-based flow between the authentication agent 100 and the server 72 is contemplated. If multiple authentication servers exist, the authentication agent 100 is preferably configured with the address and authentication key of each authentication server. If an attempt to establish a reliable connection with a particular server fails, the authentication agent 100 may repeat the foregoing process using the known address of another authentication server until a reliable connection is established.
The authentication agent 100 preferably also includes an identification (ID) request module 120. The ID request module 120 is used to obtain identification information from the authentication client 52 operating on the host 12. The ID request module 120 is also used to acknowledge requests received from the authentication client 52 to establish an authentication session. Contemplated between the authentication agent 100 and the client 52 is, for example, an IP-based flow using a software application such as Telnet or XCAP or, preferably, a MAC-based flow; the flow is initiated by the authentication client 52 using the reserved MAC address or IP address of the authentication agent 100 configured on the client.
The authentication agent 100 preferably also includes an ID relay module 130 for forwarding to the authentication server 72 a request to authenticate the user identification information. The ID relay module 130 preferably associates the known address of the switching node 14, the identifier of the authentication module 64 associated with the host 12 being used by the user for authentication, and the login identification information. The ID relay module 130 preferably transmits the associated identification information to the authentication server 72 for authentication.
In addition to the above, the authentication agent 100 also includes a verification relay module 140 for forwarding user status information received from the authentication server 72 based on the identification information. The user status information preferably includes a login-valid or login-invalid message, depending on whether the authentication server 72 was able to successfully authenticate the identification information. The verification relay module 140 preferably transmits the user status information to the host 12 for display on the user interface 50. Contemplated between the authentication agent 100 and the client 52 is, for example, an IP-based flow using a software application such as Telnet or XCAP, or a MAC-based flow.
The authentication agent 100 preferably also includes a session termination module 150 for terminating an authentication session if a user fails authentication. The session termination module 150 preferably transmits an authentication session termination message to the authentication client 52 after a login failure. The session termination module 150 also terminates the authentication session with the authentication client 52.
The authentication agent 100 also includes a resource relay module 160 for forwarding the authorized connection information received from the authentication server 72 for an authenticated user of the host 12, for storage and use on the switching node 14. The authorized connection information may be transmitted to the authentication agent 100 by the authentication server 72 as user connection information in the same data packet. The authorized connection information preferably includes a list of the network resources the user is authorized to use. The list of authorized network resources is preferably a list of one or more VLAN identifiers.
The authorized connection information may also include time restrictions, which preferably define the times during which the user is authorized to use the authorized network resources, such as the day of the week, the time of day and the length of time access is allowed. Other restrictions conventional in the art may also be imposed on the authorized user. The authorized connection information is preferably forwarded by the authentication agent 100 to the management processor module 60 together with the identifier of the corresponding authentication module 64. The management processor module 60 preferably associates the authorized connection information with the known address of the host 12 being used by the authenticated user and stores the pair in a device record. This address is preferably a MAC address.
The device records are preferably used on the switching node 14 to make filtering and forwarding decisions on packets received from and destined for users. If the host 12 is not authenticated, packets transmitted by the host are preferably dropped by the receiving authentication module 64 unless they are addressed to the authentication agent 100. If the host 12 is authenticated, packets transmitted by the authenticated host to another authenticated host are selectively forwarded according to the following rules:
1. If the destination address is the address of another host associated with the switching node 14, the device records on the node are consulted to verify that the source and destination hosts share a common VLAN. If a VLAN is shared, the packet is forwarded to the destination host. If no VLAN is shared, the packet is dropped.
2. If the destination address is not the address of another host associated with the switching node 14, the device records on the node are consulted to retrieve the VLAN identifiers associated with the source host. The VLAN identifiers are preferably appended to the packet, and the packet is transmitted by the trunk module 62. When the packet arrives at the switching node associated with the destination host, the device records on that node are consulted to verify that the source and destination hosts share a common VLAN. If a VLAN is shared, the packet is forwarded to the destination host. If no VLAN is shared, the packet is dropped.
Packets addressed to unauthenticated hosts in the network continue to be dropped. The foregoing rules can be implemented using various protocols known in the art. It should be appreciated that any addressable core, edge or end device, station or host in the network that is not required to authenticate is treated as an authenticated system for the purpose of transmitting and receiving packets under the foregoing rules.
The authentication agent 100 also includes an ID termination module 170 for returning the host 12 from the authenticated state to the unauthenticated state. This preferably occurs upon receipt of a log-off command from the authenticated user, expiration of the authorized communication period, physical disconnection of the authenticated host 12 from the network, failure of the authenticated host 12 to send traffic for a specified length of time, and/or receipt from the authentication server 72 of an instruction to revoke the established network communication capability. The ID termination module 170 preferably forwards a request to the management processor module 60 to remove from the device records the address and authorized communication capability entry of the user whose communication capability is to be revoked. Upon receiving such a request, the management processor module 60 preferably removes the requested entry from the device records, and the authenticated host 12 preferably reverts to the unauthenticated state.
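The device-record filtering, the two forwarding rules and ID termination described above, modelled as an added example (not code from the patent). The MAC addresses, VLAN identifiers, the epoch-seconds expiry field and the two-node topology are constructed assumptions.

```python
from dataclasses import dataclass

AGENT_MAC = "02:00:00:00:00:aa"  # hypothetical reserved MAC of the authentication agent
TO_AGENT, FORWARD, DROP = "to-agent", "forward", "drop"


@dataclass(frozen=True)
class DeviceRecord:
    vlans: frozenset    # authorized VLAN identifiers from the authentication server
    expires_at: float   # end of the authorized period (assumed: epoch seconds)


class SwitchingNode:
    def __init__(self, name):
        self.name = name
        self.records = {}   # device records: host MAC -> DeviceRecord
        self.peers = []     # other switching nodes reachable over the trunk

    def authorize(self, mac, vlans, expires_at):
        """Store the authorized connection information for an authenticated host."""
        self.records[mac] = DeviceRecord(frozenset(vlans), expires_at)

    def terminate(self, mac):
        """ID termination: remove the entry, host reverts to unauthenticated."""
        self.records.pop(mac, None)

    def live_record(self, mac, now):
        rec = self.records.get(mac)
        if rec is not None and now >= rec.expires_at:
            self.terminate(mac)   # authorized communication period has expired
            return None
        return rec

    def deliver(self, dst, tagged_vlans, now):
        """Forward only if the destination shares a VLAN with the source."""
        dst_rec = self.live_record(dst, now)
        if dst_rec is not None and tagged_vlans & dst_rec.vlans:
            return FORWARD
        return DROP

    def ingress(self, src, dst, now):
        """Decide what to do with a packet received from an attached host."""
        if dst == AGENT_MAC:
            return TO_AGENT                  # always allowed, so hosts can log in
        src_rec = self.live_record(src, now)
        if src_rec is None:
            return DROP                      # unauthenticated source
        if dst in self.records:              # rule 1: destination on this node
            return self.deliver(dst, src_rec.vlans, now)
        for peer in self.peers:              # rule 2: carry VLAN ids over the trunk
            if dst in peer.records:
                return peer.deliver(dst, src_rec.vlans, now)
        return DROP                          # destination is not authenticated anywhere


# Constructed hosts: A, B, C attach to sw1; D attaches to sw2; E never authenticates.
HOST_A, HOST_B, HOST_C = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:03"
HOST_D, HOST_E = "02:00:00:00:00:04", "02:00:00:00:00:05"


def build_demo():
    sw1, sw2 = SwitchingNode("sw1"), SwitchingNode("sw2")
    sw1.peers.append(sw2)
    sw2.peers.append(sw1)
    sw1.authorize(HOST_A, {100, 200}, expires_at=1000)
    sw1.authorize(HOST_B, {200}, expires_at=5000)
    sw1.authorize(HOST_C, {300}, expires_at=5000)
    sw2.authorize(HOST_D, {100}, expires_at=5000)
    return sw1, sw2


if __name__ == "__main__":
    sw1, _ = build_demo()
    for dst in (HOST_B, HOST_C, HOST_D, HOST_E):
        print(dst, sw1.ingress(HOST_A, dst, now=10))
```

Because expiry is checked on every lookup, a host whose authorized period has lapsed is dropped on its next packet in either direction, without waiting for an explicit termination request.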
The connection establishment, ID request, ID relay, verification relay, session termination, resource relay and ID termination modules 110-170 are preferably software modules. Those skilled in the art will recognize, however, that these modules may be implemented as a combination of hardware, firmware and/or software. Those skilled in the art will further appreciate that the authentication agent 100 may include other modules that are conventional in the art but not disclosed here.
Fig. 7 is a functional diagram of the authentication server 72 according to an embodiment of the invention. The authentication server 72 includes a resource authorization module 210, which preferably allows a network administrator to enter user-specific entries for authorized users of the communication network. The resource authorization module 210 preferably provides a textual and/or graphical display to the user interface 70 that is operable to accept user-specific entries. The resource authorization module 210 preferably stores each user-specific entry in the user records 74 as an associated entry. Each user-specific entry preferably contains a user identifier and user identification information, such as a user password to be authenticated, for accessing VLANs 16, 18 or 20. A user-specific entry may also include restriction information, such as time restrictions for the authorized user.
If the user is authorized (with or without restrictions), the ID authentication module 230 preferably generates the authorized connection information. To this end, the ID authentication module 230 retrieves from the user records 74 the list of authorized network resources associated with the matching user identification information. The authorized connection information may also include any time restrictions.
If the ID authentication module 230 cannot find a match for the user identification information in the user records 74, or if the user is not authorized at that time, the ID authentication module generates user status information, preferably in the form of a login-invalid message, which is transmitted to the authentication agent 100.
User tracking information can also comprise the time of carrying out login attempt.Time can remain in the authentication server 72 and from this server and obtain.User tracking information can also comprise withdraw from, send/receive packet count, MAC Address of main frame 12 or the like.Authentication server 72 is associated user trace information and this information is stored in (not shown) in the network activation database as clauses and subclauses preferably, and it can or be positioned on the webserver 22 by the webserver 22 visits.The clauses and subclauses of network activation database can be by network manager by user interface 70 visits.
Except top, authentication server 72 preferably also comprises a network monitoring module 250.Network monitoring module 250 is preferably used in and makes network manager can visit and use the user tracking information that is produced by ID memory module 240.That network monitoring module 250 provides a text and/or graphical display is to user interface 70, and it can be operated and show this user tracking information.Network monitoring module 250 also makes network manager produce the user tracking information report of being made up of relevant information according to one or more user tracking information clauses and subclauses.
The resource authorization, connection establishment, ID checking, ID storage and network monitoring modules 210-250 are preferably software modules. However, those skilled in the art will recognize that these modules can be implemented as a combination of hardware, firmware and/or software. Those skilled in the art will further appreciate that server 72 can include other modules that are conventional in the art but not disclosed here.
Fig. 8 is a functional diagram of the biostatistics client module 54 residing in host 12 according to an embodiment of the invention. Biostatistics client module 54 preferably includes a biostatistics initialization module 310, a checking display module 320 and an ID transmitter module 330. These modules are preferably software modules. However, those skilled in the art will recognize that these modules can be implemented as a combination of hardware, firmware and/or software. Those skilled in the art will further appreciate that biostatistics client module 54 can include other modules that are conventional in the art but not disclosed here.
Biostatistics initialization module 310 preferably requests and establishes a biometric verification session with biometric system 10 after host 12 starts. Alternatively, biostatistics initialization module 310 can be activated by a direct action of the user. Biostatistics initialization module 310 preferably transmits a request to establish a biometric verification session to biometric system 10 over USB. Biostatistics initialization module 310 preferably transmits the request periodically until biometric system 10 responds and carries out the verification of the user's identity.
Checking display module 320 preferably provides a text and/or graphical display of the result of the biometric verification process to user interface 50. The result can indicate whether the user's identity was verified. The result may also include a score indicating the match percentage between the biometric sample provided and the stored biometric template.
If the user's identity is verified, ID transmitter module 330 preferably receives the customer identification information from biometric system 10. ID transmitter module 330 preferably transmits the identification information to checking client module 52, where it is used to authenticate the user into one or more of VLANs 16, 18, 20.
Fig. 9 is a functional diagram of the checking client module 52 residing in host 12 according to an embodiment of the invention. Checking client module 52 preferably includes an ID initialization module 410, a checking display module 420 and an ID disconnect module 430. These modules are preferably software modules. However, those skilled in the art will recognize that these modules can be implemented as a combination of hardware, firmware and/or software. Those skilled in the art will also recognize that checking client module 52 can include other modules that are conventional in the art but not disclosed here.
Upon receiving customer identification information from biostatistics client module 54, ID initialization module 410 requests and establishes a checking session with checking agent 100. ID initialization module 410 preferably uses the agent's known address to transmit a request to establish a checking session to the checking agent. Checking client module 54 preferably transmits the request periodically until checking agent 100 responds. A MAC-based flow is contemplated. Alternatively, an IP-based flow can be used through a software application such as Telnet or XCAP.
Checking display module 430 informs the user of host 12 whether the login attempt succeeded or failed. Checking display module 430 provides a text and/or graphical display to user interface 50 that is operable to show the user state information, preferably a login-valid message or a login-invalid message, received from checking agent 100 in switching node 14.
ID disconnect module 440 initiates the logout process, by which a verified user logs out of the network. ID disconnect module 440 preferably provides a text and/or graphical display to user interface 50 that is operable to accept a logout command. ID disconnect module 440 preferably transmits the logout command to checking agent 100, which is used to remove the network communication capability that had been established.
Fig. 10 is a process flow chart of the biometrically verified VLAN according to an embodiment of the invention. The process begins and, in step 500, switching node 14 is initialized. After initialization, checking agent 100 uses the server's known address to attempt to establish a reliable connection with authentication server 72. Once the TCP session is successfully established, agent 100 and server 72 authenticate each other by exchanging authentication keys.
In step 502, the user starts host 12 and biostatistics client module 54 is activated. Biostatistics client module 54 detects the biometric system 10 coupled to host 12 and, in step 504, transmits a request for the biometric verification process. In this regard, the user provides a biometric sample to the biometric system, either automatically or in response to a prompt from host 12 or biometric system 10. Matching engine 34 compares the biometric sample with the templates stored in biometric database 36 and outputs a result indicating whether the user's identity is verified. As determined in step 506, if the identity is verified, identification information generator 38 provides the customer identification information associated with the matching template to biostatistics client module 54 in step 510.
In step 512, biostatistics client module 54 provides the customer identification information to checking client module 52. In step 514, an authentication procedure is invoked based on this customer identification information. In this regard, checking client module 52 transmits a checking request to checking agent 100 in switching node 14. The request includes the customer identification information provided by biostatistics client module 54. The checking request is transmitted to agent 100 periodically until the agent responds.
Checking agent 100 receives the request and transmits to the address of authentication server 72 the customer identification information together with the identifiers of switching node 14 and of the authentication module 64 associated with host 12. Authentication server 72 searches user record 74 for a specific user entry whose information matches the customer identification information. If a matching entry is found, authentication server 72 checks the time restrictions. As determined in step 516, if the user is authorized at that time, authentication server 72 retrieves the list of authorized network resources and the time restrictions, and this information is transmitted to checking client module 52 together with user state information. The user state information is preferably a login-valid message.
If no matching entry is found, or if the user is not authorized at that time, user state information (preferably in the form of a login-invalid message) is returned to checking client module 52 in step 520.
Referring again to step 506, if the user's identity is not verified based on the biometric sample provided, step 508 determines whether the maximum number of verification attempts has been made. If the answer is no, biostatistics client module 52 preferably invokes the biometric verification process again, based on a newly provided biometric sample.
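The decision flow of Fig. 10 (steps 504 to 520), as an added Python example that is not code from the patent: credentials are released only after a biometric match within a bounded number of attempts, and the authentication server then checks the user record and the time restriction before returning the VLAN list. The attempt limit, score threshold, salted-hash storage, function names and sample records are assumptions made for the example.

```python
"""Added illustration of the Fig. 10 flow (steps 504-520); not the patent's code."""
import hashlib
import hmac
import os
from dataclasses import dataclass
from datetime import datetime, time
from typing import Optional

MAX_ATTEMPTS = 3        # assumption: the text only says "maximum number" of attempts
MATCH_THRESHOLD = 0.90  # assumption: score cut-off applied to the matching engine
LOGIN_VALID, LOGIN_INVALID = "login-valid", "login-invalid"


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class UserRecord:
    """One entry of user record 74. Storing a salted hash is an assumption."""
    salt: bytes
    pw_hash: bytes
    vlans: tuple
    window: Optional[tuple] = None  # (start, end) times of day; None = unrestricted


def make_record(password, vlans, window=None):
    salt = os.urandom(16)
    return UserRecord(salt, _hash(password, salt), tuple(vlans), window)


def biometric_gate(scores, credentials):
    """Steps 504-510: release credentials only if one of the first MAX_ATTEMPTS
    samples matches. `scores` stands in for the matching engine's output."""
    for score in scores[:MAX_ATTEMPTS]:
        if score >= MATCH_THRESHOLD:
            return credentials
    return None


def within_window(window, now: time) -> bool:
    if window is None:
        return True
    start, end = window
    if start <= end:
        return start <= now < end
    return now >= start or now < end  # window that wraps past midnight


_DUMMY = make_record("unused", ())  # hashed for unknown users to even out timing


def authenticate(records, username, password, when: datetime, host_mac, log):
    """Steps 514-520 on the authentication server: match, then time restriction."""
    rec = records.get(username)
    probe = rec or _DUMMY
    matched = hmac.compare_digest(_hash(password, probe.salt), probe.pw_hash)
    allowed = rec is not None and matched and within_window(rec.window, when.time())
    status = LOGIN_VALID if allowed else LOGIN_INVALID
    # User tracking information: time of the attempt, host MAC address, outcome.
    log.append({"time": when.isoformat(), "mac": host_mac, "user": username,
                "status": status})
    # Unknown user, bad password and out-of-hours access all yield the same message.
    return {"status": status, "vlans": list(rec.vlans) if allowed else [],
            "window": rec.window if allowed else None}


def login(records, scores, credentials, when, host_mac, log):
    """Host side: without a biometric match nothing is sent to the switching node."""
    released = biometric_gate(scores, credentials)
    if released is None:
        return {"status": "biometric-rejected", "vlans": [], "window": None}
    username, password = released
    return authenticate(records, username, password, when, host_mac, log)


# Constructed sample data (user names, VLAN IDs and MAC address are made up).
RECORDS = {
    "alice": make_record("correct horse", [110, 120], (time(8, 0), time(18, 0))),
    "nightops": make_record("battery staple", [130], (time(22, 0), time(6, 0))),
}

if __name__ == "__main__":
    audit = []
    creds = ("alice", "correct horse")
    print(login(RECORDS, [0.42, 0.95], creds, datetime(2002, 3, 8, 9, 30),
                "00:00:5e:00:53:01", audit))
    print(audit)
```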
Although the invention has been described in certain specific embodiments, those skilled in the art will have no difficulty devising variations that do not depart from the scope and spirit of the invention. For example, although the invention has been described with respect to specific software modules associated with specific biometric verification or authentication tasks, those skilled in the art will recognize that any of these tasks can be combined into one particular module or divided into separate modules. It should therefore be understood that the invention may be practiced otherwise than as specifically described. Accordingly, the embodiments of the invention should be considered in all respects illustrative and not restrictive, the scope of the invention being indicated by the appended claims and their equivalents rather than by the foregoing description.
Claims (27)
1. A subscriber authentication system for a communication network, comprising:
A first node; and
A second node coupled to the first node, characterized in that:
The second node receives a biometric sample from an individual, verifies the individual's identity based on the biometric sample and, after verifying the individual's identity, releases customer identification information associated with the individual, the customer identification information being transmitted to the first node for use in an authentication protocol exchange with a third node.
2. The subscriber authentication system as claimed in claim 1, further characterized in that: the third node allows the first node to access one or more virtual local area networks (VLANs) based on the customer identification information.
3. The subscriber authentication system as claimed in claim 2, further characterized in that: the third node denies the first node access to the one or more VLANs if the access is sought outside a defined access time.
4. The subscriber authentication system as claimed in claim 1, wherein the biometric sample is a physiological characteristic of the individual.
5. The subscriber authentication system as claimed in claim 1, wherein the customer identification information comprises a user name and a password.
6. A subscriber authentication system for a communication network, comprising:
A host accessible by an individual for accessing one or more virtual local area networks (VLANs);
A biometric system that receives a biometric sample from the individual, verifies the individual's identity based on the biometric sample and, if the individual's identity is verified, releases customer identification information; and
A switching node that receives the customer identification information generated by the biometric system and allows the host to access the one or more VLANs according to the customer identification information.
7. The subscriber authentication system as claimed in claim 6, wherein the biometric sample is a physiological characteristic of the individual.
8. The subscriber authentication system as claimed in claim 6, wherein the customer identification information comprises a user name and a password.
9. The subscriber authentication system as claimed in claim 6, further comprising: an authentication server coupled to the switching node, the authentication server comparing the customer identification information with stored user data and, upon a match, retrieving a list of authorized VLANs.
10. The subscriber authentication system as claimed in claim 6, wherein the host is denied access to the one or more VLANs if the access is sought outside a defined access time.
11. A subscriber authentication system for a communication network, comprising:
An input for receiving a biometric sample from an individual;
A first engine coupled to the input for verifying the individual's identity based on the biometric sample; and
A second engine coupled to the first engine for releasing customer identification information if the individual's identity is verified by the first engine, the customer identification information being used to determine one or more virtual local area networks for which the individual is authorized.
12. The subscriber authentication system as claimed in claim 11, wherein the first engine compares the biometric sample with stored biometric data and returns a result based on the comparison.
13. The subscriber authentication system as claimed in claim 12, further comprising an output for displaying the result.
14. The subscriber authentication system as claimed in claim 11, wherein the biometric sample is a physiological characteristic of the individual.
15. The subscriber authentication system as claimed in claim 11, wherein the customer identification information comprises a user name and a password.
16. A user authentication method for a communication system, the method comprising the steps of:
Receiving a biometric sample from an individual having access to a first node;
Verifying the individual's identity based on the biometric sample;
Releasing customer identification information if the individual's identity is verified; and
Performing an authentication protocol exchange that includes transmitting the generated customer identification information to a second node.
17. The user authentication method as claimed in claim 16, further comprising the step of: allowing the first node to access one or more virtual local area networks (VLANs) based on the customer identification information.
18. The user authentication method as claimed in claim 17, further comprising the step of: denying the first node access to the one or more VLANs if the access is sought outside a defined access time.
19. The user authentication method as claimed in claim 16, wherein the biometric sample is a physiological characteristic of the individual.
20. The user authentication method as claimed in claim 16, wherein the customer identification information comprises a user name and a password.
21. A user authentication method for a communication system, the method comprising the steps of:
Receiving a biometric sample from an individual having access to a first node;
Comparing the biometric sample with stored biometric data;
Releasing customer identification information in response to a match between the biometric sample and the stored biometric data;
Comparing the generated customer identification information with stored user data;
Retrieving a list of authorized virtual local area networks (VLANs) in response to a match between the customer identification information and the stored user data; and
Allowing the first node to access the authorized VLANs.
22. The user authentication method as claimed in claim 20, wherein the biometric sample is a physiological characteristic of the individual.
23. The user authentication method as claimed in claim 20, wherein the customer identification information comprises a user name and a password.
24. The user authentication method as claimed in claim 20, further comprising the step of: denying the first node access to the one or more VLANs if the access is sought outside a defined access time.
25. A user authentication method for a communication system, the method comprising the steps of:
Receiving a biometric sample from an individual having access to a first node;
Verifying the individual's identity based on the biometric sample; and
Allowing the first node to access one or more virtual local area networks (VLANs) if the individual's identity is verified.
26. The user authentication method as claimed in claim 25, wherein the biometric sample is a physiological characteristic of the individual.
27. The user authentication method as claimed in claim 25, further comprising the step of: denying the first node access to the one or more VLANs if the access is sought outside a defined access time.
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US27411301P | 2001-03-08 | 2001-03-08 | |
US60/274,113 | 2001-03-08 | ||
US10/011,842 US20020129285A1 (en) | 2001-03-08 | 2001-12-04 | Biometric authenticated VLAN |
US10/011,842 | 2001-12-04 |
Publications (2)
Publication Number | Publication Date |
---|---|
CN1400771A (en) | 2003-03-05 |
CN100461686C (en) | 2009-02-11 |
Family
ID=26682854
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CNB021215367A Expired - Fee Related CN100461686C (en) | 2001-03-08 | 2002-03-08 | Biostatistically verified VLAN |
Country Status (4)
Country | Link |
---|---|
US (1) | US20020129285A1 (en) |
EP (1) | EP1244273A3 (en) |
JP (1) | JP4287615B2 (en) |
CN (1) | CN100461686C (en) |
2001
- 2001-12-04 US US10/011,842 patent/US20020129285A1/en not_active Abandoned
2002
- 2002-03-05 EP EP02400015A patent/EP1244273A3/en not_active Withdrawn
- 2002-03-06 JP JP2002060220A patent/JP4287615B2/en not_active Expired - Fee Related
- 2002-03-08 CN CNB021215367A patent/CN100461686C/en not_active Expired - Fee Related
Also Published As
Publication number | Publication date |
---|---|
EP1244273A3 (en) | 2005-07-13 |
US20020129285A1 (en) | 2002-09-12 |
EP1244273A2 (en) | 2002-09-25 |
CN100461686C (en) | 2009-02-11 |
JP2002373153A (en) | 2002-12-26 |
JP4287615B2 (en) | 2009-07-01 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20090211 Termination date: 20160308 |